TMS zl Management and Configuration Guide ST.1.0.090213

Initial Setup in Routing Mode
Configure Management Access
Note: The connections listed in the Firewall section include both passive and active
connections. Passive connections are how the firewall reserves connections
for ALGs and configured reservations.
You should not be concerned with the number of connections, unless:
  • The maximum connection threshold for a zone is reached
  • The number of connections is unreasonably high
In these cases, you can access the module’s CLI and enter the show
connections command to view only the number of active connections. For
more information about this command, see “show connections” in Appendix
A: “Threat Management Services zl Module Command-Line Reference.”
Default Firewall Policies
Several unicast policies are automatically configured on the module when you
enable management access on a zone. Two of these policies permit you to
access the module from a Web browser or terminal session:
<management-access zone> to Self policies:
  • Permit HTTPS, Any Address to Any Address
  • Permit SSH, Any Address to Any Address
To see the default policies, select Firewall > Access Policies > Unicast.
Figure 2-22. <Management-Access Zone> to Self Policies
You can delete or modify these policies to further restrict access to the
module’s management interface. For example, if you do not want to allow
management through the Web browser interface, you can disable or delete the
policy. Also, if you want to lock the system so that only certain IP addresses

VPN

Field        Description                                        How to Configure
Packets In   Number of IPsec packets that arrive per second*    n/a
Packets Out  Number of IPsec packets that are sent per second*  n/a

*If you configure a VPN using GRE over IPsec or L2TP over IPsec, this field will display the number of all VPN packets
(including GRE and L2TP) per second.